FOSS app of the day: NewPipe! Found a Free and Open Source YouTube alternative app that is pretty awesome. You can run the app without a Google account or Google Play Services. You can still subscribe to channels, only that data will be stored locally on your phone instead of being tied to your Google Account. Additionally, you can download any YouTube video from the app to your phone.
Welcome to ghorr.org! This is an unprecedented time where free speech is being blatantly targeted by Big Tech. Now, the CEO of Mozilla is promoting that more that deplatforming must be done! Rhetoric like this is incredibly dangerous to free speech. ghorr is recommending you to consider alternative platforms for your internet browser that do not promote silencing free speech. Brave Browser is an excellent option to consider, which is based on Chromium, but includes a built in ad blocker and cryptocurrency payment payment system. Brave is trying to create a safer, faster, and better browsing experience, while allowing direct payments to content creators, utilizing Basic Attention Token cryptocurrency. Check out Brave on Linux, Windows, Mac, Android, and iOS.
Welcome to ghorr! A new exploit called KRACK, short for Key Reinstallation Attacks puts all WiFi clients at risk. This attack abuses a flaw in the cryptographic protocol to reinstall an already in use key. A 4-way handshake has been the standard for protected WiFi networks for 14 years, and all it takes is for an adversary to get a client to reinstall their key. After this is achieved the adversary is able to hijack the TCP stream and may inject malicious packets to a given client, or read unencrypted packets. Patches are expected to be released for routers, mobile devices, and other WiFi devices in the coming weeks. At the time of writing this article, Arch Linux has been patched, for wpa_supplicant and hostapd, so wireless machines running Arch are safe.
It is recommended to avoid connecting to any public WiFi if you are concerned about malicious activity. To help offset the exploit, prefer to connect to websites using https, or connect to the internet via VPN if you must use public WiFi. Secure your home network, and monitor your network for any malicious activity. The attacker would have to be within range of your wireless access point, so people living in apartment complexes are typically more vulnerable. Consider using MAC filtering to allow only trusted devices on your network. This isn’t even a true fix though, because MAC addresses can be spoofed. Check out the article by Vanhoef et. al titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Check out the r/KRaCK subreddit page which discusses the exploit as well.
Welcome to ghorr! Securing your data is imperative to prevent it from being compromised. Relying on cloud providers can be risky, even if they claim to have end-to-end encryption. Fortunately with GNU/Linux, you can easily secure your data before it is even uploaded to a cloud provider. Check out this tutorial on securing your Dropbox with EncFS. Enjoy! http://ghorr.org/?page_id=1030
The latest Ubuntu 17.04 will come with GNOME 3.24 out of the box. Unity 7 will still be available as an addon, however GNOME has been designated for the future. You can try out the latest Ubuntu here.